Computing devices of all types, from large computers to portable computing devices, embedded controllers of all types, and processing devices of all sizes, often include a set of program applications that are able to perform various functions that are not generally allowed by most applications or user accounts. The operating systems of these computing devices often include definitions of execution “privileges” or “capabilities” where some application programs or other executable processes are able to execute with an elevated privilege or are granted access to one or more operations that are associated with a normally restricted “capability.” These application programs or processes are thereby identified as being able to perform various functions that are not authorized for other applications. In some examples, the data storage used to store applications is able to store information that identifies the maximum privilege level at which an application is able to execute or the capabilities granted to that application.